Title
SANE: a protection architecture for enterprise networks
Abstract
Connectivity in today's enterprise networks is regulated by a combination of complex routing and bridging policies, along with various interdiction mechanisms such as ACLs, packet filters, and other middleboxes that attempt to retrofit access control onto an otherwise permissive network architecture. This leads to enterprise networks that are inflexible, fragile, and difficult to manage. To address these limitations, we offer SANE, a protection architecture for enterprise networks. SANE defines a single protection layer that governs all connectivity within the enterprise. All routing and access control decisions are made by a logically-centralized server that grants access to services by handing out capabilities (encrypted source routes) according to declarative access control policies (e.g., "Alice can access http server foo"). Capabilities are enforced at each switch, which are simple and only minimally trusted. SANE offers strong attack resistance and containment in the face of compromise, yet is practical for everyday use. Our prototype implementation shows that SANE could be deployed in current networks with only a few modifications, and it can easily scale to networks of tens of thousands of nodes.
Year
2006
Venue
USENIX Security
Keywords
logically-centralized server, access control, grants access, protection architecture, permissive network architecture, complex routing, enterprise network, access control policy, access control decision, server foo
Field
Architecture domain, Computer science, Computer security, Network packet, Bridging (networking), Network architecture, Computer network, Encryption, Access control, Web server, Enterprise architecture management
DocType
Conference
Citations
121
PageRank
29.23
References
29
Authors
7
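| Name | Order | Citations | PageRank |
|---|---|---|---|
| Martin Casado | 1 | 2629 | 381.11 |
| Tal Garfinkel | 2 | 2008 | 171.66 |
| Aditya Akella | 3 | 4138 | 268.44 |
| Michael J. Freedman | 4 | 4451 | 376.47 |
| Dan Boneh | 5 | 21254 | 1398.98 |
| Nick McKeown | 6 | 13247 | 1201.05 |
| Scott Shenker | 7 | 29892 | 2677.04 |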